Do not allow contributors to set the post slug for pending review posts. fixes #7805

git-svn-id: http://svn.automattic.com/wordpress/trunk@9055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2008-10-02 04:10:54 +00:00
parent 28d9d8fde9
commit 15ff2bf868
2 changed files with 14 additions and 7 deletions


@ -374,7 +374,8 @@ function post_slug_meta_box($post) {
<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /> <label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
<?php <?php
} }
add_meta_box('slugdiv', __('Post Slug'), 'post_slug_meta_box', 'post', 'normal', 'core'); if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
add_meta_box('slugdiv', __('Post Slug'), 'post_slug_meta_box', 'post', 'normal', 'core');
$authors = get_editable_user_ids( $current_user->id ); // TODO: ROLE SYSTEM $authors = get_editable_user_ids( $current_user->id ); // TODO: ROLE SYSTEM
if ( $post->post_author && !in_array($post->post_author, $authors) ) if ( $post->post_author && !in_array($post->post_author, $authors) )
@ -481,11 +482,13 @@ else
</div> </div>
<div class="inside"> <div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?> <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
<?php if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) ) { ?>
<div id="edit-slug-box"> <div id="edit-slug-box">
<?php if ( ! empty($post->ID) && ! empty($sample_permalink_html) ) : <?php if ( ! empty($post->ID) && ! empty($sample_permalink_html) ) :
echo $sample_permalink_html; echo $sample_permalink_html;
endif; ?> endif; ?>
</div> </div>
<?php } ?>
</div> </div>
</div> </div>
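Review bot: The condition `!( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) )` is written out twice in this file (before the `add_meta_box('slugdiv', …)` call and around `edit-slug-box`) and a third time, in slightly different form, in wp_insert_post, so the form and the server-side rule can drift apart. Compute it once near the top, e.g. `$can_edit_slug = !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) );`, and test `$can_edit_slug` in both places. A short comment there should say that hiding the slug field is presentation only and that the restriction itself is enforced when the post is saved. Both hunks sit in template code that continues outside the visible lines.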


@ -1350,21 +1350,25 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
$guid = get_post_field( 'guid', $post_ID ); $guid = get_post_field( 'guid', $post_ID );
} }
// Create a valid post name. Drafts are allowed to have an empty // Don't allow contributors to set to set the post slug for pending review posts
if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) )
$post_name = '';
// Create a valid post name. Drafts and pending posts are allowed to have an empty
// post name. // post name.
if ( empty($post_name) ) { if ( empty($post_name) ) {
if ( 'draft' != $post_status ) if ( !in_array( $post_status, array( 'draft', 'pending' ) ) )
$post_name = sanitize_title($post_title); $post_name = sanitize_title($post_title);
} else { } else {
$post_name = sanitize_title($post_name); $post_name = sanitize_title($post_name);
} }
// If the post date is empty (due to having been new or a draft) and status is not 'draft', set date to now // If the post date is empty (due to having been new or a draft) and status is not 'draft' or 'pending', set date to now
if ( empty($post_date) || '0000-00-00 00:00:00' == $post_date ) if ( empty($post_date) || '0000-00-00 00:00:00' == $post_date )
$post_date = current_time('mysql'); $post_date = current_time('mysql');
if ( empty($post_date_gmt) || '0000-00-00 00:00:00' == $post_date_gmt ) { if ( empty($post_date_gmt) || '0000-00-00 00:00:00' == $post_date_gmt ) {
if ( !in_array($post_status, array('draft', 'pending')) ) if ( !in_array( $post_status, array( 'draft', 'pending' ) ) )
$post_date_gmt = get_gmt_from_date($post_date); $post_date_gmt = get_gmt_from_date($post_date);
else else
$post_date_gmt = '0000-00-00 00:00:00'; $post_date_gmt = '0000-00-00 00:00:00';
@ -1414,7 +1418,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
if ( !isset($post_password) ) if ( !isset($post_password) )
$post_password = ''; $post_password = '';
if ( 'draft' != $post_status ) { if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) {
$post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent));
if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {
@ -1457,7 +1461,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
$where = array( 'ID' => $post_ID ); $where = array( 'ID' => $post_ID );
} }
if ( empty($post_name) && 'draft' != $post_status ) { if ( empty($post_name) && !in_array( $post_status, array( 'draft', 'pending' ) ) ) {
$post_name = sanitize_title($post_title, $post_ID); $post_name = sanitize_title($post_title, $post_ID);
$wpdb->update( $wpdb->posts, compact( 'post_name' ), $where ); $wpdb->update( $wpdb->posts, compact( 'post_name' ), $where );
} }
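Review bot: The new guard in the first hunk, `if ( 'pending' == $post_status && !current_user_can( 'publish_posts' ) ) $post_name = '';`, decides by the current session user and a hard-coded `publish_posts` check inside a function that, judging by its use of `$post_type` further down, saves more than posts, and it clears the slug rather than just ignoring the submitted one. As far as the hunks show, a pending post re-saved by a contributor, or with no user logged in, would lose a slug that someone with publish rights had already set; this is worth confirming against the update path. Consider keeping the stored `post_name` in that case, and record why the check lives here with a comment such as `// Enforced on save: hiding the slug box in the edit form does not stop a hand-built request.` The added comment also repeats "to set". wp_insert_post starts and ends outside these hunks.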